Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2014-11-05) Upgrading Azure AD Sync Services From GA (v1.0.419.911) To v1.0.470.1023

Posted by Jorge on 2014-11-05


As mentioned in this blog post Microsoft released a new version of the Azure AD Sync Services. As mentioned in the release notes the upgrade is quite straightforward with a fix, but only if you modified one or more sync rules.

If you already have Azure AD Sync installed, there is one additional step you have to take in case you have changed any of the out-of-box Synchronization Rules. After you have upgraded to the 1.0.470.1023 release, the synchronization rules you have modified are duplicated. For each modified Sync Rule do the following:

  • Locate the Sync Rule you have modified and take a note of the changes
  • Delete the Sync Rule
  • Locate the new Sync Rule created by Azure AD Sync and re-apply the changes.

So let’s try this and see what happens.

My starting point is the GA version

image

Figure 1: GA Version Of Azure AD Sync Services (AADSync)

Double-click on MicrosoftAzureADConnectionTool.exe and the following screen appears. Check the checkbox "I agree to the license terms" if you indeed do agree with the license terms. Click the [Upgrade] button to continue.

image

Figure 2: Initial Screen Of The Azure AD Sync Upgrade

The first thing the upgrade wizard tries to do is upgrade the Azure Active Directory Sign-in Assistance/Client, and then it will upgrade all other components. However, you might receive the following "error". If you do not see it, you’re good. therefore continue to figure 12.

image

Figure 3: Error About Upgrading The Azure Active Directory Sign-in Assistance/Client

As specified, go and look in the Application Event Log. Event ID 906 tells you to check a log file, so you should do so!

image

Figure 4: Error In The Application Event Log

You see another Event ID 906, and that’s not really helpful

image

Figure 5: Error In The Application Event Log

And yet you see another Event ID 906, and again that’s not really helpful. It just mentions the upgrade of the Azure Active Directory Sign-in Assistance/Client failed.

image

Figure 6: Error In The Application Event Log

System.Exception: Unable to upgrade the Azure Active Directory Sign-in Client.  Please see the event log for additional details. —> Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1603.

Details:
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartProcessCore(String fileName, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile, Boolean hideWindow, Boolean waitForExit)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartBackgroundProcessAndWaitForExit(String fileName, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String parametersString, String installationPath, NetworkCredential credential, String installLogFileName, Boolean quiet, Boolean suppressReboot)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackageQuietSuppressReboot(String msiPackageDirectory, String msiPackageFileName, String parametersString, String installationPath, NetworkCredential credential, String installLogFileName)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.MsiSetupTaskBase.UpgradeCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Upgrade()
   — End of inner exception stack trace —
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Upgrade()
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.SetupAdapter.TypeDependencies.GenericDirectorySyncSetupUpgrade(String pathToSetupFiles, String installationPath, ProgressChangedEventHandler progressChangedEventHandler)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.InstallOrUpgradePageViewModel.SetupTask(Object sender, DoWorkEventArgs args)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.Controls.Wizards.ProgressReportingTaskViewModel.ExecuteAction(Action action, Boolean isProgressIndeterminate)

Finally looking in ‘C:\Windows\temp\AADSync\MsoIdCli_64_Install.log’ at point, almost in the end, you will see the following errors marked yellow. Basically it is saying that the repair failed. Why is it repairing instead of upgrading?

image

Figure 7: Error In The Log File About Repairing The Installation

The version of the Azure Active Directory Sign-in Assistance/Client in this AADSync package is v7.250.4556.0, and the version that I already had installed was also v7.250.4556.0. Because the versions are the same, it will not upgrade, but rather it will try to repair. On my test server, I have ADFS v3.0 and AADSync on the same server. A few days ago I updated the Azure AD PowerShell CMDlets including the Azure Active Directory Sign-in Assistance/Client. And that’s why I ended up with that version already installed.

The solution here is to go to the "Control Panel – Programs and Features" and uninstall the Azure Active Directory Sign-in Assistance/Client.

image

Figure 8: Uninstalling The Microsoft Online Services Sign-In Assistant (= Azure Active Directory Sign-in Assistance/Client)

Confirm the uninstall

image

Figure 9: Confirming Uninstalling The Microsoft Online Services Sign-In Assistant

When the uninstall is done, do not reboot the server as requested

image

Figure 10: Request To Reboot The Server

Now go back to the upgrade wizard and click the [Upgrade] button again.

image

Figure 11: Retrying The Upgrade

The upgrade will now continue. It will present the current credentials you are using to connect to Azure AD.

image

Figure 12: Credentials To Connect To Azure AD Tenant

Next it will present the current AD forest already connected. If you want to can connect extra AD forests, otherwise click the [Next] button.

image

Figure 13: AD Forests Already Connected To AADSync

Now, it presents you with the user matching configuration. You cannot change this right now, therefore click the [Next] button.

image

Figure 14: Previously Configured User Matching Options

Now, it presents you with optional features you can use. You can keep it AS-IS or you can enable what you need to enable. If you want to enable or disable optional feature, you just need to rerun the wizard.

[Exchange Hybrid Deployment] –> If you have an Exchange hybrid deployment, then select this checkbox. This will write-back some attributes from Exchange online to the on-premises Active Directory.

[Password Synchronization] –> With password synchronization, you enable your users to use the same password they are using to logon to your on-premises Active Directory to logon to Azure Active Directory. For more information on how to configure this, please see http://msdn.microsoft.com/en-us/library/azure/dn835016.aspx.

[Password Write-Back] –> Password write-back is an Azure Active Directory Premium feature. For more information on how to configure this, please see http://blogs.technet.com/b/ad/archive/2014/04/29/deep-dive-password-reset-with-on-premise-sync-in-azure-ad-premium.aspx.

[Azure AD App And Attribute Filtering] –> If you want to review or limit the attributes which are synchronized with Azure AD, then select Azure AD app and attribute filtering. You will then get two additional pages in the wizard. For more information on how to configure this, please see http://msdn.microsoft.com/en-us/library/azure/dn764938.aspx

Click the [Next] button.

image

Figure 15: Optional Features To Enable

Now it will present you with a summary screen. Click the [Next] button to really start the upgrade of the software.

image

Figure 16: Ready To Configure And Upgrade

After the upgrade you can choose to synchronize now or do it later as scheduled. Click the [Finish] button.

image

Figure 17: Finished

image

Figure 18: Upgraded Version Of Azure AD Sync Services (AADSync)

That’s all folks!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: